muggel: init location

group_vars/all/imageprofile.yml

@@ -15,7 +15,6 @@ all__packages__to_merge:
   - collectd-mod-ping
   - collectd-mod-uptime
   - ethtool
-  - hostapd-wolfssl
   - ip6tables                  # Its not pulled in by default anymore bc fw4
   - iperf3
   - iwinfo
@@ -26,21 +25,24 @@ all__packages__to_merge:
   - vnstat
   - -ppp
   - -ppp-mod-pppoe
+
+ssl__packages__to_merge:
   - -wpad-basic
   - -wpad-basic-mbedtls
   - -wpad-basic-wolfssl
+  - -libustream-mbedtls
+  - libustream-wolfssl
+  - hostapd-wolfssl
+  - px5g-wolfssl
 
 all_luci_base__packages__to_merge:
   - libiwinfo-lua
-  - libustream-wolfssl
   - luci-mod-admin-full
   - luci-proto-ipv6
   - luci-theme-bootstrap
-  - px5g-wolfssl
   - rpcd-mod-rrdns
   - uhttpd
   - uhttpd-mod-ubus
-  - -libustream-mbedtls
 
 all_disabled_services__to_merge:
   - "olsrd6"

locations/muggel.yml

@@ -0,0 +1,123 @@
+---
+
+location: muggel
+location_nice: Müggelspree
+latitude: 52.42612
+longitude: 13.71208
+contact_nickname: Packet Please
+contacts:
+  - [email protected]
+
+# Quad9 unfiltered DNS
+dns_servers:
+  - 2620:fe::10
+  - 2620:fe::fe:10
+  - 9.9.9.10
+  - 149.112.112.10
+
+# 10.31.220.0/26
+# 10.31.220.0/29 - mgmt
+# 10.31.220.8/29 - mesh
+# 10.31.220.16/28 - prdhcp not used
+# 10.31.220.32/27 - dhcp
+ipv6_prefix: 2001:bf7:840:1100::/56
+
+hosts:
+
+  - hostname: muggel-core
+    role: corerouter
+    model: avm_fritzbox-4040
+    wireless_profile: muggel
+
+networks:
+
+  - vid: 20
+    role: mesh
+    name: mesh_core
+    prefix: 10.31.220.8/32
+    ipv6_subprefix: 20
+    mesh_ap: muggel-core
+    mesh_radio: 11a_standard
+    mesh_iface: mesh
+
+  - vid: 40
+    role: dhcp
+    inbound_filtering: true
+    enforce_client_isolation: true
+    prefix: 10.31.220.32/27
+    ipv6_subprefix: 40
+    assignments:
+      muggel-core: 1
+
+  - vid: 42
+    role: mgmt
+    prefix: 10.31.220.0/29
+    gateway: 1
+    dns: 1
+    ipv6_subprefix: 42
+    assignments:
+      muggel-core: 1
+      muggel-uplink: 2
+
+  # We get at best ~25 Mbps over LTE (Telefonica O2)
+  - vid: 50
+    untagged: true
+    role: uplink
+    tunnel_wan_ip: 192.168.188.2/24
+    tunnel_wan_gw: 192.168.188.1
+    tunnel_connections: 1
+    tunnel_timeout: 600
+    tunnel_mesh_prefix_ipv4: 10.31.220.10/32
+
+# We expect L2 peers on our switch to be dynamic, naywatch won't work for that
+location__disabled_services__to_merge:
+  - naywatch
+
+# Use OpenSSL to get OWE Transition Mode working.
+# Same variable name as in imageprofile.yml so that we overwrite it.
+ssl__packages__to_merge:
+  - -wpad-basic
+  - -wpad-basic-mbedtls
+  - -wpad-basic-wolfssl
+  - -libustream-mbedtls
+  - libustream-openssl
+  - hostapd-openssl
+  # - px5g-openssl
+
+# Standard open SSID with OWE Transition Mode.
+# For roaming between multiple APs, consider setting 80211w to optional (1).
+location__wireless_profiles__to_merge:
+  - name: muggel
+    devices:
+      - radio: 11a_standard
+        legacy_rates: false
+        country: DE
+      - radio: 11g_standard
+        legacy_rates: false
+        country: DE
+      - radio: 11a_mesh
+        legacy_rates: false
+        country: DE
+    ifaces:
+      - mode: ap
+        ssid: berlin.freifunk.net
+        encryption: none
+        network: dhcp
+        radio: [11a_standard, 11g_standard]
+        ifname_hint: ff
+        owe_transition_ifname_hint: ffowe
+      - mode: ap
+        ssid: berlin.freifunk.net OWE
+        hidden: true
+        encryption: owe
+        network: dhcp
+        radio: [11a_standard, 11g_standard]
+        ifname_hint: ffowe
+        owe_transition_ifname_hint: ff
+        ieee80211w: 2
+      - mode: mesh
+        mesh_id: Mesh-Freifunk-Berlin
+        radio: [11a_standard, 11g_standard, 11a_mesh]
+        mcast_rate: 12000
+        mesh_fwding: 0
+        ifname_hint: mesh